<?php
namespace App\Http\Middleware;

use Closure;

use App\Services\Admin\AdminUserService;

/**
 * 后台权限管理中间件
 * Class AdminUserAuthority
 * @package App\Http\Middleware
 */
class AdminUserAuthority
{
    /**
     * 免限制
     * @var array
     */
    protected $except = [
        'admin/loginIndex',
        'admin/login',
        'admin/loginOut',
        'admin/index',
        'admin/errorIndex',

    ];

    /**
     * 权限验证
     * @param $request
     * @param Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next){
        $sessionData = $request->session()->get('admin_user');
        if(!empty($sessionData) && !empty($sessionData['id'])){
            $adminUserService = new AdminUserService();
            if(empty($adminUserService->validateAuthority($request, $this->except))){
                //跳到提示页
                session([
                    'errorMsg'=>'抱歉，您没有操作该页面的权限',
                ]);
                return redirect('admin/errorIndex');
            }
        }

        return $next($request);
    }

}
